skip to content
Primary navigation

Secure Teleworking

State employees have a responsibility to protect state data by following cybersecurity best practices.

Computers and Mobile Devices

  • Use state-issued computers and mobile devices, rather than personal devices.
  • Never let anyone else use your state-issued device (this includes family members and people on your work team).
  • Use only authorized and licensed organizational systems, software, and applications to process, send, and store data.
  • Install software updates as soon as they’re available. This will safeguard against cyber criminals taking advantage of known software bugs and other vulnerabilities.
  • Keep personal devices up-to-date to protect your home computers and networks.
    • Set your computer to install software updates automatically.
    • Install and maintain a current antivirus solution – many internet providers offer free antivirus products through your account portal. This includes Comcast, Charter, CenturyLink, and most other providers.

Connecting to the Internet

  • Utilize home Wi-Fi or connect using Ethernet whenever possible.
  • Secure your home network with a strong passphrase and name that doesn’t identify the user or location.
  • If using non-home Wi-Fi, use your mobile phone as a hot spot for a more secure connection.
  • Always confirm the name of the Wi-Fi connection you intend to use to avoid using a similarly named fraudulent network.

Accessing State Systems

  • Use agency-approved VPN to connect to the state network. Learn how to use VPN.
  • Use strong passwords or passphrases.
  • Log in with the lowest level user account and elevate privileges if necessary.
  • Use only the state-provided password manager on your laptop to store work passwords.
  • Screen lock your computer and mobile devices before stepping away.

Data and Resources

  • Only access official websites.
  • Don’t download sensitive data to your computer or mobile device.
  • Don’t send or receive sensitive data while using public Wi-Fi unless connected through the agency-approved VPN.

Phishing Attacks and Malware

  • Be wary of any external emails related to COVID-19. Rely on trusted resources such as the Minnesota Department of Health and Centers for Disease Control websites for up-to-date information.
  • Avoid responding to unsolicited emails or phone calls from external sources.
  • Don’t click on links or attachments unless they have been verified as legitimate.
  • Confirm any request for state data by alternate means to verity the request is authentic.

Reporting Phishing or Security Incidents

  • Report suspected phishing attacks: Highlight the message and forward it as an attachment to spam.reporting@state.mn.us.
  • If you are using Office 365 Webmail, report Spam/Phishing messages using the Junk button above the message.
  • Report any suspected security incidents: Contact the Service Desk at 651-297-1111 and notify your manager or supervisor.
back to top